Deploying Printers with Group Policy using security filtering

I've always wanted to allow a user to have a printer no matter where they log in. The steps below will show you how to achieve just that.

In this article I'll show how to deploy printers automatically with Group Policy and then use security filtering so that the Group Policy is deployed only to members of a particular security group.

To follow these steps I will be assuming that you have already set up a Windows print server. In the example below I have used a Windows 2003 virtual server in a 2003 AD domain.

Install the printer on the print server as you would any other network printer. Create a new global group that will be given access to the GPO and thus the printer.

Then create your GP object:
Create a new GP object with an appropriate name.
Go to User Configuration\Windows Settings – and open Logon.
Click Show Files (Fig. 1) and copy the file pushprinterconnections.exe into that folder (52 KB).
Figure 1

Then click Add, type pushprinterconnections.exe as the script name (Fig. 2) and click OK.
Figure 2

Giving appropriate access:
In the GPOE, select the OU the GPO is under and expand the tree on the left until you can click on the GP (Fig. 3).
Figure 3
On the right-hand side, on the Scope tab, look below to see Security Filtering.
Remove "Authenticated Users".
Add the global group you want to give access to the Group Policy.

Deploying the printer on the print server:
In the printer management console, right-click the printer and click Deploy with Group Policy (Fig. 4).
Figure 4
Click Browse and navigate to your newly created GPO (Fig. 5).
Figure 5
Select the option so that the GP applies only per user (Fig. 6).
Figure 6
Click Add.
You should get a screen that says the printer has been successfully deployed.
Reboot once or twice and your printer will be installed automatically wherever you log on.
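
The security-filtering step above can also be scripted and then verified. The PowerShell below is an added example, not part of the original article; it assumes the GroupPolicy module (Windows Server 2008 R2 or later, so not the 2003 servers used here), an English-language domain, and the hypothetical names `Printer - Colour Laser` (GPO) and `GG-Print-ColourLaser` (global group). Instead of removing Authenticated Users outright it leaves them Read without Apply, because since the MS16-072 update user policy is retrieved in the computer's security context and a GPO the computer cannot read is not applied.

```powershell
# Added example: script the "Security Filtering" step for a printer GPO.
Import-Module GroupPolicy

$GpoName   = 'Printer - Colour Laser'   # hypothetical GPO name
$GroupName = 'GG-Print-ColourLaser'     # hypothetical global security group

function Set-PrinterGpoFilter {
    param(
        [Parameter(Mandatory = $true)][string]$GpoName,
        [Parameter(Mandatory = $true)][string]$GroupName
    )

    # Fail early if the GPO does not exist.
    $gpo = Get-GPO -Name $GpoName -ErrorAction Stop

    # Downgrade Authenticated Users from Read+Apply to Read only.
    # -Replace is required: without it a lower level never overrides a higher one.
    # The group name is localized on non-English systems (assumption: English).
    Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' `
        -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

    # Grant Read+Apply to the security group that should receive the printer.
    Set-GPPermission -Guid $gpo.Id -TargetName $GroupName `
        -TargetType Group -PermissionLevel GpoApply | Out-Null

    # Return every trustee that can still apply the GPO, for verification.
    Get-GPPermission -Guid $gpo.Id -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        ForEach-Object { $_.Trustee.Name }
}

$appliesTo = Set-PrinterGpoFilter -GpoName $GpoName -GroupName $GroupName

# Anything other than the intended group means the printer reaches more users
# than planned (for example a leftover test account or Domain Users).
$unexpected = $appliesTo | Where-Object { $_ -ne $GroupName }
if ($unexpected) {
    Write-Warning "GPO '$GpoName' also applies to: $($unexpected -join ', ')"
} else {
    Write-Output "GPO '$GpoName' applies only to '$GroupName'."
}
```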

Hope you will find this article helpful for your own printer deployments.

Expert Comment

Wow, that's way more complicated than what I do. I just add

rundll32 printui.dll,PrintUIEntry /in /n "\\printserver\printer"

to their logon script in sysvol. Works great, easy to manage, and I don't have to fiddle with group policy.

Author Comment

Thanks for the input.
The purpose of the article is to automatically deploy printers based on which security group you belong to.
It gives you way more flexibility and control over which users get which printers.
Whereas deploying it via login script limits you, and you really don't want many different login scripts just to deploy a printer to a different OU.
Much harder to administer, I think.

Expert Comment

Sorry, I re-read my comment and it came off way more negative than I intended. I should have asked what the advantages of your way are over the login script way.

Our environment has about 30 offices that log on to our tserv, and based off their 3-letter office code (matching the name of the logon script), everyone in that office gets the same printers. So would this maybe apply to my situation better if I had someone in an office that might have special needs/restrictions, or travels to other offices in our company? Or possibly an office setup that isn't as free love about their printer setup as we are? I'm just confused because it seems like adding a GPO is the same amount of work as a quick login script, and (I know I'm a wuss) I don't like fiddling with GPOs.

Thank you for your time and being nice even though even I think I sounded like a jerk at first :)

Author Comment

It would apply in an environment where you need to have more control, where not all users in a department share the same printer. Perhaps different departments or offices have different budgets. For example, sometimes a user or group of users would abuse a printer, and this way it's much easier to simply remove them from a group than to create a whole new OU just for them.
Sometimes you may only want certain people to have access to the expensive color printer, and this way it would be as simple as adding or removing them from a security group.
This way takes a short while to set up if you want to do things right the first time, but once you have, managing them afterwards would be easier.
